General
-
Target
bfe9ca3a9060f8b106ef1e7448416289.exe
-
Size
240KB
-
Sample
240417-cp45bace61
-
MD5
bfe9ca3a9060f8b106ef1e7448416289
-
SHA1
aa2e83375485435a6bc81aa59e769b4888dc9ca2
-
SHA256
7755538e0afd5973ebc9e8766a817b5b562addfdde5fc3950f4bbffba9790ca9
-
SHA512
b52c1733e3b7c39da85603e1ea8013d1b1e69a4c5d9d91d64e6ab0234408f091cab8ea10a0034d8c0b88d7a21a9317591796d4c6015bf8454dec65f21e642a36
-
SSDEEP
3072:L0LhLBEcMX2oGfC33bMuLeof5Okopz3Ob:L0LhVMmtiX6JkW3U
Static task
static1
Behavioral task
behavioral1
Sample
bfe9ca3a9060f8b106ef1e7448416289.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
bfe9ca3a9060f8b106ef1e7448416289.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Extracted
redline
LogsDiller Cloud (Telegram: @logsdillabot)
5.42.65.50:33080
Targets
-
-
Target
bfe9ca3a9060f8b106ef1e7448416289.exe
-
Size
240KB
-
MD5
bfe9ca3a9060f8b106ef1e7448416289
-
SHA1
aa2e83375485435a6bc81aa59e769b4888dc9ca2
-
SHA256
7755538e0afd5973ebc9e8766a817b5b562addfdde5fc3950f4bbffba9790ca9
-
SHA512
b52c1733e3b7c39da85603e1ea8013d1b1e69a4c5d9d91d64e6ab0234408f091cab8ea10a0034d8c0b88d7a21a9317591796d4c6015bf8454dec65f21e642a36
-
SSDEEP
3072:L0LhLBEcMX2oGfC33bMuLeof5Okopz3Ob:L0LhVMmtiX6JkW3U
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1